Branded Admin Security & Risk Analysis

wordpress.org/plugins/branded-plugins-branded-admin

Display custom header & footer in the WordPress Admin area. 2.7 compatible.

70 active installs v1.2 PHP + WP 2.7+ Updated Mar 26, 2009
adminbranding
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Branded Admin Safe to Use in 2026?

Generally Safe

Score 85/100

Branded Admin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 17yr ago
Risk Assessment

The security posture of "branded-plugins-branded-admin" v1.2 appears to be mixed, with some positive indicators but significant areas of concern. The absence of known CVEs and a clean vulnerability history are strong points, suggesting the plugin has not been a common target for exploits and has a history of being maintained without critical flaws. The static analysis also shows no dangerous functions, no raw SQL queries, and no external HTTP requests, which are all good practices. However, the lack of any output escaping for the four identified outputs is a major red flag. This means that any user-supplied data displayed by the plugin could be vulnerable to cross-site scripting (XSS) attacks. Furthermore, the complete absence of nonce checks and capability checks, combined with zero AJAX handlers and REST API routes that *do* have authentication checks, suggests a potentially large, unprotected attack surface for any interactive elements the plugin might introduce, even if none are explicitly detailed in this report. The lack of taint analysis data is also noteworthy, preventing a full understanding of potential data manipulation risks.

Key Concerns

  • All identified outputs lack proper escaping
  • No nonce checks found
  • No capability checks found
Vulnerabilities
None known

Branded Admin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Branded Admin Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Branded Admin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped4 total outputs
Attack Surface

Branded Admin Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
actionadmin_headbranded-admin.php:27
actionupdate_right_now_messagebranded-admin.php:37
filteradmin_footerbranded-admin.php:48
filteradmin_footerbranded-admin.php:72
Maintenance & Trust

Branded Admin Maintenance & Trust

Maintenance Signals

WordPress version tested2.7.1
Last updatedMar 26, 2009
PHP min version
Downloads7K

Community Trust

Rating0/100
Number of ratings0
Active installs70
Developer Profile

Branded Admin Developer Profile

Kerry Webster

2 plugins · 370 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Branded Admin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/branded-admin/branded-admin.css

HTML / DOM Fingerprints

CSS Classes
branded_footer
FAQ

Frequently Asked Questions about Branded Admin